Posted by timothy on Thursday May 29, 2014 @02:43PM
from the say-fellas-we-could-give-the-money-back dept.

NewYorkCountryLawyer (912032) writes "New York City Council Member Ben Kallos (KallosEsq), who also happens to be a Free and Open Source Software (FOSS) developer, just introduced legislation to mandate a government preference for FOSS and create a Civic Commons website to facilitate collaborative purchasing of software. He argues that NYC could save millions of dollars with the Free and Open Source Software Preferences Act 2014, pointing out that the city currently has a $67 million Microsoft ELA. Kallos said: 'It is time for government to modernize and start appreciating the same cost savings as everyone else.'"

Evaluate software not just on purchasing/licensing costs but also on the cost of installing the software, migrating old documents, and training users, and the time required to complete day-to-day tasks. Because sometimes FOSS is only free if your time is worth nothing.

Sure. As long as the same is done with Windows. We went from XP to 7 and every edition of Office with no training. In those cases, we all taught ourselves and each other informally. I taught myself Ubuntu at home, so it can be done. Let's just compare apples to apples.

Therefore, the government paying a corp for a service is like the govt paying a contractor for a service -- you don't get to look inside the private workings of either, you just get to enjoy the services rendered.

Enough of playing the advocate.

I agree with you 100% -- but I also know that you have to stick your foot in the door with reasonable claims before you can pry the door wide open with claims that those inside may not currently find re

Open standards is extremely important. I'd hate for all that data to be locked into Microsoft Excel format, or what have you.

While I agree that sometimes the FOSS is buggy or missing features, I do not think in this situation we should let that stop us. In fact, I would love to see NYC (and other cities across the country) agree to sponsor/contract a couple of developers each to work on whatever we need: data formatting and conversion, word processing, accounting, voting software, etc. In this way, while the FOSS is maybe not up to spec today, we can all work together on making it up to spec soon. In this way, we all pool resources, get it done correctly ONCE*, and enjoy the savings and philosophical warm and fuzzies.

(* yes I understand that long term we would probably need to continually hire developers on a contract basis to fix problems that come up, or add new features or support for new operating systems, etc., but generally speaking it would be much less impact on the budget long term -- though I also understand the political pressure currently to cut budgets rather than spend a little extra for a perk down the road.).

So instead of Microsoft (a dedicated software company), we would have a network of cities with a couple of developers in each working on an office suite? That's a horrible waste of resources, especially when we already have Microsoft Office which works fine for the most part. Look, I share the concern about open standards, but we have to also consider what is practical.

You are correct, if everyone made their own office suite, but that was not what I was proposing.

I instead would like a few local/state governments to COLLABORATE on the SAME FOSS office suite (and maybe not even a totally new one -- perhaps jump on board LibreOffice, Calligra, etc.) and make it up-to-par to the needs of government, rather than paying Microsoft for continually bloated office suites that push you more and more to their OneDrive and proprietary formats. Yes, there would be some up-front costs, but then everyone -- local governments, small business, whatever -- could benefit from a nice FOSS suite. It's a much more practical use of resources, as well as philosophically good (since government is keeping data in open and documented formats and software, supporting small business by hiring people to work on it, letting small business use the FOSS for free, etc.)

That model has worked very well with various universities and other agencies pitching in on Moodle, which is a framework that hosts online courses. It takes care of things like enrollments, grade reporting, etc. - everything that isn't course-specific. After a couple of years of open widespread contributions, Moodle is as good as any commercial competitor.

> Evaluate software not just on purchasing/licensing costs but also on the cost of installing the software, migrating old documents, and training users, and the time required to complete day-to-day tasks. Because sometimes FOSS is only free if your time is worth nothing.

And require open standards.

That's a BS excuse. I've been pushing FOSS for quite a while in a company that uses that very excuse quite a bit. But how many projects have you been involved in where the profit gains have been so desirable that Executives just say "You know what, I'm just signing off on this and ignoring your concerns. You'll figure it out."??? Hell, that's what happens MOST of the time on very large, complex projects. There's no reason the government can't do the same. Dump the new systems on the users, they HAVE to figu

About the only way to get open standards is to use FOSS. There are also benefits that will spur the local economy as proven with the recent story on Munich. Plenty of FOSS projects are best of class. It is not just about up front costs or installation and configuration. What are the ongoing support costs? For a given number of servers, it usually means more Windows admins than Unix/Linux admins. Unix/Linux can do more on given hardware than Windows. When Microsoft transitioned Hotmail from BSD to Windows Server, they had to more than double the amount of servers to achieve the same performance.

Plenty of Government uses FOSS - http://leeunderwood.org/linux/... [leeunderwood.org] There are even more undocumented cases, but I am not at liberty to divulge that information.

"but since you are more productive with FOSS"
Prove it. Learning curve? Time to fully migrate a user from Windows XP/7 with Office 2007/2010 to Mint w/ LibreOffice? WHAT will they be more productive with? Most people spend their days in a web browser, and an office suite. The proprietary software is usually written for Windows.
Claims like this are what hold the F/OSS community back. PROVE your hype.

> Money saved by the government never translates into money put back in the pocket of the tax payers.

So instead of saving it, the money should just go to vendors?

The money may not go into the pocket of taxpayers, but some or all of it may go into other government expenses. So that $67 million to Microsoft could either lower the budget by $67 million, which you say never happens, and it might not, or it could be spent on other items in the budget. That seems better than wasting it.

It is necessary for the functioning of the city that computer data owned by the city be permanently available to the city throughout its useful life. To guarantee the succession and permanence of public data, it is necessary that the city's accessibility to that data be independent of the goodwill of the city's computer system suppliers and the conditions imposed by these suppliers. It is in the public interest to ensure interoperability of computer systems through the use of software and products that promote open, platform-neutral standards. It is also in the public interest that the city be free, to the greatest extent possible, of conditions imposed by parties outside the city's control on how, and for how long, the city may use the software it has acquired. Finally, it is not in the public interest and it is a violation of the fundamental right to privacy for the city to use software that, in addition to its stated function, also transmits data to, or allows control and modification of its systems by, parties outside of the city's control.

I agree that we should use the right tool for the right job, but why should that exclude FOSS?

From my own experience, today, I would say that one way Office fails is that a document written in Open Document Format, which is a standard that MS has signed on to, could not be opened by my boss. I don't know the details in this particular case, but several times with my own work I've experienced a failure where the new MS "security features" prevent opening anything not produced by MS Office, or even by an earlier version of MS Office. I forget what it's called, but it required me to get an upgraded v

The "security" feature has a documented workaround, and is there because the components reading older versions have vulnerabilities. It is quite simple to define a folder as "safe" and move the documents there, or to define the folder where the documents are located as "safe". This feature has been there since Office 2003, and your IT support people should know this.

If your boss could not open ODF in MS Office, then maybe it is because Office opens ODF files according to the standard. The problem is that m

I think you would agree that Office 365 meets approximately none of the requirements. Consider Adobe recently decided to make all of their software subscription / cloud only. Microsoft _could_ therefore do the same with Office. Knowing that, reread this sentence:

> be independent of the goodwill of the city's computer system suppliers and the conditions imposed by these suppliers.

I know it's the default in NYC (and NY in general), but I still wish some of these smarter guys would rebel and throw off the chains of the Party of Slavery. It forces me to question everything you do, even if it sounds interesting and beneficial.

> I know it's the default in NYC (and NY in general), but I still wish some of these smarter guys would rebel and throw off the chains of the Party of Slavery. It forces me to question everything you do, even if it sounds interesting and beneficial.

Yes, TCO is an important consideration WRT software/systems purchasing, as is the mix of administration and support personnel currently employed by the city. We should weigh all the costs *and* benefits of any solution implemented by NYC government. I suspect that in some cases, FOSS solutions will be better and/or more cost-effective than proprietary ones, and in other cases they will not.

So, rather than go on with political party smears that haven't been true since before the majority of NYC residents (

No, just no. The quality of OSS is too bad. Well, let's not say bad per se, but it varies a lot. What you win in software licensing costs, you lose in fighting all the bugs. Too many of your support calls will be wasting your time with silly glitches [launchpad.net].

This is certainly true for some software (GUI/UX-heavy sort of applications, in my experience). Linux kernel, Apache (and the whole LAPP/LAMP stack), FireFox/Chromium, etc. are all OSS (to some extent). Yes, I think Open/LibreOffice is FAR from competitive with Word -- so I guess I'm agreeing with you, it varies a lot; but I take issue with "the quality of OSS is too bad."

I'm certainly not advocating abandoning proprietary software in one fell swoop. But there are cases where it can make loads of sense -

> This is certainly true for some software (GUI/UX-heavy sort of applications, in my experience). Linux kernel, Apache (and the whole LAPP/LAMP stack), FireFox/Chromium, etc. are all OSS (to some extent). Yes, I think Open/LibreOffice is FAR from competitive with Word -- so I guess I'm agreeing with you, it varies a lot; but I take issue with "the quality of OSS is too bad."

You're citing the same handful of great (yes, they are) OSS apps that most proponents of OSS do, but these, in my experience, are the exception, not the rule.

My apologies if your post was sarcasm. Projects are at Launchpad for a reason, the packages are not ready to be included in the repositories.

> My apologies if your post was sarcasm.

If not, you seem not to be aware that Launchpad is also the main bug tracker for Ubuntu.

I have converted many machines from Windows 8 to Mint over the last several months, leaving my contact information. Not only have I had zero calls for support, I am getting references to switch even more people over.

Well, good for you. What kind of tasks are your customers performing on those machines?

It's been a while, but the stats I'm familiar with showed that FOSS code had a lower error rate than commercial code - 1 error per 200 lines vs. 1 error per 80 lines in shipping production code. IIRC that 1 in 80 number was originally from Microsoft, about their own Windows code.

From my Software Quality Assurance Workshop that I ran a few decades ago, the numbers for enterprise level, production code using the best practices of the time were in that same ballpark. Interestingly the rate didn't vary with la

Yeah, whatever, man. I'm right now personally bisecting a regression where Linux kernel fails to enable render ring (3D acceleration) for GM45, and another regression where the ACPI fan control broke for a laptop. At the same time the default Ubuntu media player is unable to show the mouse cursor and control widgets in full screen when I move the mouse. These kind of things very rarely break under Windows and Mac. My point remains: no one will be able to use a full open source software stack in business wor

In fairness, those sound like mostly hardware driver issues. FOSS often has a disadvantage when the hardware vendors neither build a linux version of their proprietary drivers, nor provide adequate, up to date information for someone else. This has been perhaps the longest running and most problematical part of the Linux situation. A very relevant question is whether the ACPI fan itself is doing what it's supposed to - it may be that the HW vendor put a hack in its proprietary Windows driver to work arou

So is it a stable kernel or an RC kernel? There is a lot of ACPI stuff going on with the RC kernels right now.

I ran across the fan issue with the Ubuntu 14.04 LTS stock kernel (3.13). The bug itself seems to have happened somewhere between 3.11 and 3.12. Still working on it.

Also, you said you thought the media player was supposed to be displaying the mouse cursor (not the window manager?).

Yes, it could be a window manager bug too.

Why are you "personally bisecting a regression", when you don't have to? Someone else will fix it for you

Sure, the "open source community", the mythical creature which always does the work for me for free, so I can just drink beer. Look, if it's a clear regression, I can accelerate solving the bug greatly by doing the bisecting and testing on my personal machine, so I can pinpoint it into certain piece of c

> No, just no. The quality of OSS is too bad. Well, let's not say bad per se, but it varies a lot. What you win in software licensing costs, you lose in fighting all the bugs. Too many of your support calls will be wasting your time with silly glitches [launchpad.net].

Unity (back in 2011 remember) is a very twisted example to go for, a piece of very immature software. Part of Ubuntu 11.10 which was a non-LTS release. If any IT manager deploys that in the first place you've got much bigger problems than painful support calls.

I keep seeing these types of stories, with people screaming about how much "Cheaper" OSS is vs. Closed Source. But very few people look past the cost of the licensing.
I challenge you to replace a fully-working Microsoft environment with something OSS that provides full feature parity.
Removing Exchange/Outlook is always the sticking point. You can piss and moan about standards, and Outlook client issues all day long, but the fact remains that Outlook/Exchange "just works", scales incredibly well, and i

I would argue that having any government move to open source is good for everyone. I don't know if it will be cheaper but I do think it will likely give the people more bang for their buck. Instead of those dollars going into one person's pockets, they can not only still be used to solve the government's software problems but also provide software libraries and frameworks for others to build off of.

> I would argue that having any government move to open source is good for everyone. I don't know if it will be cheaper but I do think it will likely give the people more bang for their buck. Instead of those dollars going into one person's pockets, they can not only still be used to solve the government's software problems but also provide software libraries and frameworks for others to build off of.

Agreed. All government documents should be written with LaTeX and/or XML to get away from any proprietary or screw-ball formats.

Taxpayers should not be paying for someone's pet cause...
Proper action would be to mandate the government to use the best software for the task at hand... Let the technical merits decide.

I'm sorry, but while technical merits should be paramount, they are not the only consideration. Public contracting is not an exact science, and it is entirely appropriate to have non-technical considerations tip the scales in close cases. So while Free Software should not be mandatory, legislating a preference for it makes perfect sense.

Furthermore, there are considerations beyond the needs of a specific project and tender. Free Software has an externality: when the government (as a customer) requests modifications and improvements (and pays for them to be created), everyone benefits. For example, when my university has Blackboard Inc fix a bug (or improve the software) only Blackboard captures the value (when they sell their software to the next customer). If we were using Moodle, every other Moodle user would automatically benefit. Had we opted for Moodle, we'd also benefit from fixes made by other universities.

Agree. It's just giving "preferred supplier" status to OSS rather than a specific company, large IT firms get similar preferential treatment because of the "nobody gets sacked for picking IBM" factor. This is why it is important to be seen as a "tier 1" provider, you don't have to look for government tenders you automatically get an invite. Someone still has to integrate all the "free" software bits into a system, IT firms will still be hired to do that and they won't miss out on a penny, they just get a "u

It's important not to conflate 'open source' and 'community developed' in this situation. A requirement that all procurements be open source just means that, as part of the purchase, the government gets a perpetual license that permits modification and redistribution (both of the original and derived works). It can still be bespoke software written by Oracle or IBM (or in-house), or a completely off-the-shelf product, but the customer is then always able to find a second source for maintenance if one is r

> If we were using Moodle, every other Moodle user would automatically benefit. Had we opted for Moodle, we'd also benefit from fixes made by other universities.

Moodle sure has worked well for us. Many of the custom modules we have wanted have been written by devs at other universities. When I write stuff, everyone benefits as you say. Two additional benefits with Moodle specifically are quality control and maintenance. Any patches I make to the core Moodle are QAed quite a bit through the Moodle process

The government has a responsibility to utilize open source, so they can know exactly what the software is doing, hire anyone to modify it to meet their needs, and give the public the ability to do the same. It's in the public interest, regardless of how well the software works or how much money they save; those are only bonuses.

Open source != free beer.
In fact, being "gratis" is not a requirement for being open source.
Open source is, amongst more familiar aspects, about stuff like accountability.

Indeed, and this is also an excellent example of where we can use the canonical /. automotive simile: There is a long tradition of government agencies (and some corporations) requiring that all purchased vehicles come with complete shop manuals. This is a direct parallel to requiring the source code for software. In both cases, such a requirement makes it possible for the purchasing organization to set up their own repair shop to fix the products when something fails. It also allows the purchaser to ma

> Proper action would be to mandate the government to use the best software for the task at hand.
> That might be open source software. It might be Microsoft software. Let the technical merits decide.

Freedom and cost are technical merits.

Closed source software is not forbidden, just not preferred. If other factors outweigh freedom and cost, then so be it. But if other factors are the same, then freedom and cost seem to be reasonable factors upon which to have a preference.

This "Pet Cause" is actually a conflict of interest and is illegal. He is part of an organization that may benefit from the decision, and should thereby recuse himself from the discussion.

The City Council could benefit? I guess that any law that might improve the lives of NYC residents could benefit the members of the City Council. By your logic, City Council members should recuse themselves from all legislation unless it harms NYC, right?

Willful ignorance of what the above person said is not a good thing. An open source software developer stands to (quite probably) make money for either himself or his friends directly from going to open source because government likes being supported. Thus pushing this into law as a legislator is a direct conflict of interest, and ethically questionable. This has nothing to do with indirect benefits, like you imply.

I'll quote the original poster, so you know what I'm referring to:

... He is part of an organization that may benefit from the decision, and should thereby recuse himself from the discussion. [Emphasis Added]

Since the summary and the attached link make only one assertion as to which "organization" this guy belongs, that is the NYC Council, I questioned the validity of his point. Unless there's some shadowy "Open Source Developer" organization that I've never heard about. I suppose it's possible that the Co

Is proposing a bill to the council illegal (when there is a conflict of interest)?
If it came to a vote and he didn't recuse himself I could understand the conflict.
I don't know how the ethics laws are written.

dude. your argument is basically this : "Heartbleed was a serious bug in FOSS. therefore FOSS is bad". So periodically FOSS has a serious bug. okay.

I'm not even going to bother trying to reference all the recent events involving Adobe, MS, or Apple having quite serious bugs in their proprietary code. A similar bug could just as easily have happened to a closed source shop. As long as humans are writing the code, it's a possibility.

The thing is, companies with licensing revenue have every incentive in the world to machinate lock-in. And with lock-in comes higher prices, both for support and the software itself.

By all means use the best tool for the job, but retaining some optionality for the future is a valuable thing.

I'd rather keep the risk of another bug like heartbleed than deal with vendor lock-in, ever increasing licensing costs, compliance costs, potential BSA raids, and frequent zero day exploits. =/

> dude. your argument is basically this : "Heartbleed was a serious bug in FOSS. therefore FOSS is bad". So periodically FOSS has a serious bug. okay.

No I think his point is that if the government starts developing and using FOSS then we are going to end up with a horrible solution that costs a fortune and takes forever, have you seen the monumental fuckups and cost blow-outs of government IT projects? You really want to entrust them with the software development aspects as well?

It's one thing to say they should use a distro like Ubuntu in place of Windows or LibreOffice as opposed to MS Office but a sweeping move to the government adopting and contribut

I live in Oregon, Oracle was working on our ACA portal, it has cost a fortune and is taking forever.

At any rate though, I think that transparency in government is a good thing. With a bridge or a road, we see the budget, and we see the final results. We see the relative quality, and where it's breaking down.

With software, we see a price tag (loosely based on reality) and we see superficially how it performs -- otherwise it's a black box (or in Oracle's case, a black hole). With FOSS, whatever code the go

Or they just hide the errors, present them as someone else's fault, or it's "not on the tasklist" and thus never gets addressed. I've certainly seen all of these, with both open source and closed source. But closed source is more prone to pretending the problems do not exist, especially when the major security groups have agreed not to publish flaws that there is not yet a patch for.

...except you always have the costs of integration and maintenance anyways. Hiding from Free Software won't change that. Those costs can be considerable and ongoing for commercial proprietary solutions.

Your argument only works if you try and pretend that integration and maintenance of commercial software is free.

That argument works both ways. Microsoft has had some very serious security bugs. Therefore, using your logic, all Microsoft software should not now or ever again be trusted. Think Code Red and others. In 1999 on a fully patched NT box you could compromise it with regular HTTP requests to IIS by just using pathnames with dot-dot-backslash and then working your way down the WINDOWS System CMD.EXE and then using it to run TFTP.EXE which was a standard part of the install. You could make the server TFTP down a bad exe from your own server, and then a second carefully crafted HTTP request to CMD.EXE could execute it for you. Game over.

Microsoft then fixed this by not allowing IIS to accept the dot-dot-backslash business. But you could use percent-sign-hex characters to represent the dot-dot-backslash. Microsoft then fixed that in IIS, but the filesystem would still accept the percent-hex-code characters. So you could double-escape them to get the filesystem to walk you to the CMD.EXE. Eventually they got this right and it was fixed. But there were many other holes. And whose stupid idea was it to run a server process, basically with root privileges?

I could go on. Even recently there was a major IE vulnerability that affected current and past versions.
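
The filter-then-decode gap described in the comment above, as an added example that is not part of the original thread and is a simplified model rather than IIS code: two checks that inspect the path at a different decoding depth than the layer that opens the file, next to a resolver that validates the final canonical path. The web root, sample request paths and all function names are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # constructed document root

# Constructed sample request paths (not taken from the thread).
BENIGN = "/docs/annual%20report.txt"
SINGLE = "/scripts/..%5c..%5cprivate/config.ini"      # backslash encoded once
DOUBLE = "/scripts/..%255c..%255cprivate/config.ini"  # backslash encoded twice


def has_traversal(text: str) -> bool:
    """True if any path segment is '..', with '/' or '\\' as separator."""
    return ".." in text.replace("\\", "/").split("/")


def check_raw(raw: str) -> bool:
    """First fix in the comment: inspect the request string as received."""
    return not has_traversal(raw)


def check_after_one_decode(raw: str) -> bool:
    """Second fix: percent-decode once, then inspect."""
    return not has_traversal(unquote(raw))


def seen_downstream(raw: str, decodes: int) -> str:
    """What a later layer works with if it percent-decodes `decodes` times."""
    for _ in range(decodes):
        raw = unquote(raw)
    return raw


def resolve_request_path(raw: str, root: str = WEB_ROOT) -> str:
    """Decode once, refuse anything still decodable, then check containment
    on the canonical path that will actually be opened."""
    decoded = unquote(raw)
    if unquote(decoded) != decoded:
        # Strict policy: a second decode would change the string, so some
        # layer could see a different path than the one validated here.
        raise ValueError("multiply-encoded path")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    unified = decoded.replace("\\", "/")  # treat both separators alike
    candidate = posixpath.normpath(posixpath.join(root, unified.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError("path escapes web root")
    return candidate


def is_rejected(raw: str) -> bool:
    """Helper for callers that only need accept/reject."""
    try:
        resolve_request_path(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for label, path in (("benign", BENIGN), ("single", SINGLE), ("double", DOUBLE)):
        print(label,
              "raw-check:", check_raw(path),
              "one-decode-check:", check_after_one_decode(path),
              "hardened-reject:", is_rejected(path))
```

The resolver returns the canonical path, so the caller opens exactly the string that was checked instead of decoding the request again.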